Posts by Xym*_*mon

Spring security oauth2: get username in REST webservice

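I have created a RESTful web service to perform actions on a workflow. The web service is secured with OAuth2, using my own authorization server. I would like to add information to the workflow about who performed the actions on it. I can't figure out how to get the username of the user calling the web service.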

For the web service implementation I am using Jersey (1.18.1), and for security I am using spring-security-oauth2 (2.0.2.RELEASE).

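I am using a database token store, which contains a table OAUTH_ACCESS_TOKEN (TOKEN_ID, TOKEN, AUTHENTICATION_ID, USER_NAME, CLIENT_ID, AUTHENTICATION, REFRESH_TOKEN) that looks like it contains the right information. It has the username and the token, but the token looks like a serialized Java object, so I can't query it myself.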

Web service:

@Component
@Path("/workflows")
public class WorkflowRestService {

    @POST
    @Path("/{id}/actions")
    @Produces(MediaType.APPLICATION_JSON)
    @Transactional
    public Response executeActions(@PathParam("id") String id, Map<String, Object> actionArgs) throws JAXBException, HealthDataException {

        //would like to have/get username here.

        Workflow workflow = workflowService.get(id);
        Action action = actionFactory.getAction(actionArgs);
        workflow.execute(action);
        Workflow update = workflowService.update(workflow);
        return Response.ok(update).build();
    }
}

Web service security configuration:

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.2.xsd
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.2.xsd
        http://www.springframework.org/schema/security/oauth2
        http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd">

    <context:property-placeholder location="classpath:main.properties"/>

    <!-- Protected resources -->
    <http authentication-manager-ref="" pattern="/workflows/**"
          create-session="never"
          entry-point-ref="oauthAuthenticationEntryPoint"
          access-decision-manager-ref="accessDecisionManager"
          xmlns="http://www.springframework.org/schema/security">
        <anonymous enabled="false"/> …

java jersey spring-security spring-security-oauth2

Score: 6 | Answers: 1 | Views: 10k
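
One way to read the caller inside the resource method without touching OAUTH_ACCESS_TOKEN, as an added example that is not part of the original post. `CurrentCaller` and `describe()` are hypothetical names, and it assumes the Jersey resource runs on the request thread on which the spring-security-oauth2 resource-server filter populated the security context.

```java
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.OAuth2Authentication;

/** Hypothetical helper (not from the post): resolves who is behind the current bearer token. */
public final class CurrentCaller {

    private CurrentCaller() {
    }

    /**
     * Returns "user@client" for user-delegated tokens and "client:<id>" for
     * client-only tokens (e.g. the client_credentials grant), so an audit
     * entry never records a client id as if it were a person.
     */
    public static String describe() {
        // Assumption: the OAuth2 filter chain already validated the token
        // and stored the result in the thread-bound security context.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            throw new IllegalStateException("No authenticated caller in the security context");
        }
        if (auth instanceof OAuth2Authentication) {
            OAuth2Authentication oauth = (OAuth2Authentication) auth;
            String clientId = oauth.getOAuth2Request().getClientId();
            if (oauth.isClientOnly()) {
                // No end user is attached to this token; getUserAuthentication() is null.
                return "client:" + clientId;
            }
            return oauth.getUserAuthentication().getName() + "@" + clientId;
        }
        // Not an OAuth2 token (e.g. a different filter chain): use the principal name.
        return auth.getName();
    }
}
```

Calling `CurrentCaller.describe()` at the commented line in `executeActions` gives the value to store with the workflow action; recording the client id alongside the username keeps the audit trail unambiguous when several clients act for the same user.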